Set Advanced Permissions

Use the Exchange Administration Delegation Wizard to set permissions on organizations and administrative groups, and thus control access to the Exchange objects contained within the organization or administrative group. You can also set permissions on some Exchange objects individually. These objects include public folder trees, address lists, MDBs, protocols, and servers. For these objects, you can use the Access Control Settings dialog box to set extended permissions. Extended permissions are permissions that Exchange adds to the standard Active Directory permissions. Use this dialog box to specify the type of auditing you want on the object. When looking at an object's advanced permissions, the Active Directory permissions are listed first, followed by the Exchange extended permissions.

To set advanced permissions on a public folder tree, address list, MDB, protocol, or server:

1. Start System Manager
   On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Navigate to the object.
3. Right-click the object, and then click Properties.
4. Click the Security tab, and then click Advanced.
5. In the Access Control Settings for object name dialog box that appears, on the Permissions tab, set permissions for a user, computer, or group. These permissions include the standard Active Directory permissions and any Exchange extended permissions that apply to the object.
6. On the Permissions tab, in Name, select a user, computer, or group for which you want to set permissions. If you do not see the user, computer, or group in Name:
   • Click Add, and then in Select User, Computers, or Groups, select the user, computer, or group in Name, and then click Add again.

   • - OR -

   • Type the names of the users, computers, or groups in the text box, separated by semicolons.
7. In Permissions, select Allow or Deny for each type of permission.
8. If you want the object to inherit permissions from the organization, administrative group, or routing group that contains it, select the Allow inheritable permissions from parent to propagate to this object check box, or click to clear the check box if you do not want permissions inherited. By default, the check box is selected.
9. To remove a user, computer, or group from the Name, select the user, computer, or group, and then click Remove.
10. To modify the list of permissions for the user, computer, or group selected, under Permission Entries, click View/Edit, and then select Allow or Deny for each type of permission.
11. To change the owner of the object for which you are setting permission, on the Owner tab, select a name in the Change owner to list. Only administrators of the domain containing the object or administrators of trusted domains appear in the list.
12. To audit use of the object, on the Auditing tab, click Add to add a user, computer or group whose use of the object will be audited.
13. To select the type of auditing that will be performed, click View/Edit. In the Auditing Entry for object name dialog box that appears, in Access, choose to audit the success and failure of different types of access attempts.
14. To select how to apply auditing, in the Auditing Entry for object name dialog box, in Apply onto, select this object only, or this object and the objects it contains, or one of several other options.

Related Topics